1579320 – etcd certificate re-deploy during Red Hat OpenShift Container Platform 3.9 upgrade is failing

Bug 1579320 - etcd certificate re-deploy during Red Hat OpenShift Container Platform 3.9 upgrade is failing

Summary: etcd certificate re-deploy during Red Hat OpenShift Container Platform 3.9 up...

Keywords:
Status:	CLOSED CURRENTRELEASE
Alias:	None
Product:	OpenShift Container Platform
Classification:	Red Hat
Component:	Installer
Sub Component:
Version:	3.9.0
Hardware:	x86_64
OS:	Linux
Priority:	high
Severity:	high
Target Milestone:	---
Target Release:	3.9.z
Assignee:	Vadim Rutkovsky
QA Contact:	Gaoyun Pei
Docs Contact:
URL:
Whiteboard:
Depends On:	1578934 1579321
Blocks:	1579319
TreeView+	depends on / blocked

Reported:	2018-05-17 11:15 UTC by Vadim Rutkovsky
Modified:	2018-09-06 18:27 UTC (History)
CC List:	7 users (show)
Fixed In Version:
Doc Type:	If docs needed, set a value
Doc Text:
Clone Of:	1578934
Environment:
Last Closed:	2018-09-06 18:27:41 UTC
Target Upstream Version:
Embargoed:

Attachments	(Terms of Use)

Comment 1 Vadim Rutkovsky 2018-05-17 11:30:16 UTC

Created https://github.com/openshift/openshift-ansible/pull/8403

Comment 2 Vadim Rutkovsky 2018-05-28 08:15:32 UTC

Fix is available in openshift-ansible-3.9.30-1

Comment 3 Gaoyun Pei 2018-06-19 09:13:56 UTC

Verify this bug with openshift-ansible-3.9.31-1.git.34.154617d.el7.noarch.rpm.

During 3.7 to 3.9 upgrade, when etcd redeploy-certificates.yml is called, it could backup etcd certs and generate new cert files correctly.

Copy file steps:

TASK [etcd : file] **********************************************************************************************************************************************************
changed: [qe-gpei-rpm37-master-1.0618-2lg.qe.rhcloud.com -> qe-gpei-rpm37-etcd-1.0618-2lg.qe.rhcloud.com] => {"changed": true, "dest": "/etc/etcd/generated_certs/openshift-master-qe-gpei-rpm37-master-1/master.etcd-ca.crt", "failed": false, "gid": 0, "group": "root", "mode": "0644", "owner": "root", "secontext": "unconfined_u:object_r:etc_t:s0", "size": 1895, "src": "/etc/etcd/ca/ca.crt", "state": "hard", "uid": 0}

...

TASK [etcd : file] **********************************************************************************************************************************************************
changed: [qe-gpei-rpm37-etcd-1.0618-2lg.qe.rhcloud.com -> qe-gpei-rpm37-etcd-1.0618-2lg.qe.rhcloud.com] => {"changed": true, "dest": "/etc/etcd/generated_certs/etcd-qe-gpei-rpm37-etcd-1/ca.crt", "failed": false, "gid": 0, "group": "root", "mode": "0644", "owner": "root", "secontext": "unconfined_u:object_r:etc_t:s0", "size": 1895, "src": "/etc/etcd/ca/ca.crt", "state": "hard", "uid": 0}

Note You need to log in before you can comment on or make changes to this bug.